Cisco Systems OL-5109-01 manual Phone Hardening, Disabling the Gratuitous ARP Setting

Page 1

C H A P T E R 4

Phone Hardening

To tighten security on the phone, you can perform tasks in the Phone

Configuration window of Cisco CallManager Administration.

This chapter contains information on the following topics:

Disabling the Gratuitous ARP Setting, page 4-1

Disabling Web Access Setting, page 4-2

Disabling the PC Voice VLAN Access Setting, page 4-2

Disabling the Setting Access Setting, page 4-3

Disabling the PC Port Setting, page 4-3

Performing Phone Hardening Tasks, page 4-4

Disabling the Gratuitous ARP Setting

By default, Cisco IP Phones accept Gratuitous ARP, or GARP, packets. GARPs, which are used by devices, announce the presence of the device on the network. However, attackers can use these packets to spoof a valid network device; for example, an attacker could send out a GARP that claims to be the default router. If you choose to do so, you can disable Gratuitous ARP in the Phone Configuration window of Cisco CallManager Administration.

Note Disabling GARP does not prevent the phone from identifying its default router.

 

 

Cisco IP Phone Authentication and Encryption for Cisco CallManager 4.0(1)

 

 

 

 

 

 

OL-5109-01

 

 

4-1

 

 

 

Page 1 Page 2
Image 1
Page 1 Page 2
Contents Phone Hardening Disabling the Gratuitous ARP SettingDisabling the PC Voice Vlan Access Setting Disabling Web Access SettingRelated Topics Disabling the PC Port Setting Disabling the Setting Access SettingPerforming Phone Hardening Tasks ProcedureClick Update OL-5109-01
Top Page Image Contents